Morning Overview on MSN

Hackers just hit @antv inside wave 4 of the TeamPCP worm — the same crew that walked off with 3,800 of GitHub’s internal repositories two weeks ago

Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the ...

CrowdStrike, Google shatter Glassworm botnet

CrowdStrike, working with Google and the Shadowserver Foundation, said it has taken down the Glassworm botnet, a ...
Spiceworks on MSN

Did AI write the worm that breached GitHub’s own house?

A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming ...

npm worm Shai-Hulud: Attack of the clones

The malware authors behind the npm worm Shai-Hulud have released the source code. Now the first clones are appearing.
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

TanStack weighs invitation-only pull requests after supply chain attack

Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on ...
adtmag.com

The Worm That Ate JavaScript: Inside the Shai-Hulud Supply Chain Attack

The notification arrived on September 14, 2025, at 17:58 UTC. Somewhere in the sprawling npm registry—home to 2.5 million JavaScript packages that power everything from banking apps to smart ...